StorageBackedAccountLockoutManager (Shibboleth IdP :: Authentication Implementation 3.4.1 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
  - - net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
    - - net.shibboleth.idp.authn.impl.StorageBackedAccountLockoutManager

All Implemented Interfaces:

AccountLockoutManager, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
```
public class StorageBackedAccountLockoutManager
extends AbstractIdentifiableInitializableComponent
implements AccountLockoutManager
```
Implementation of AccountLockoutManager interface that relies on a StorageService to track lockout state.

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class StorageBackedAccountLockoutManager.UsernameIPLockoutKeyStrategy
A function to generate a key for lockout storage.

Nested Classes
Modifier and Type	Class and Description
`static class`	`StorageBackedAccountLockoutManager.UsernameIPLockoutKeyStrategy` A function to generate a key for lockout storage.

Field Summary

Fields
Modifier and Type	Field and Description
`private com.google.common.base.Function<ProfileRequestContext,Long>`	`counterIntervalLookupStrategy` Lookup function for interval after which counter is reset.
`private boolean`	`extendLockoutDuration` Controls whether attempts against locked accounts extend duration.
`private com.google.common.base.Function<ProfileRequestContext,Long>`	`lockoutDurationLookupStrategy` Lookup function for duration of lockout.
`private com.google.common.base.Function<ProfileRequestContext,String>`	`lockoutKeyStrategy` Lookup function to produce account lockout keys.
`private org.slf4j.Logger`	`log` Class logger.
`private com.google.common.base.Function<ProfileRequestContext,Integer>`	`maxAttemptsLookupStrategy` Lookup function for maximum failed attempts within window.
`private StorageService`	`storageService` Backing service.

Constructor Summary

Constructors
Constructor and Description

StorageBackedAccountLockoutManager()
Constructor.

Constructors
Constructor and Description
`StorageBackedAccountLockoutManager()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`check(ProfileRequestContext profileRequestContext)`
`boolean`	`clear(ProfileRequestContext profileRequestContext)`
`protected boolean`	`doIncrement(ProfileRequestContext profileRequestContext, String key, int retries)` Implement invalid login attempt counter via storage service, retrying as necessary.
`protected void`	`doInitialize()`
`boolean`	`increment(ProfileRequestContext profileRequestContext)`
`void`	`setCounterInterval(long window)` Set interval after which counter is reset.
`void`	`setCounterIntervalLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Long> strategy)` Set lookup function for interval after which counter is reset.
`void`	`setExtendLockoutDuration(boolean flag)` Set whether to extend the lockout duration on attempts during lockout.
`void`	`setLockoutDuration(long duration)` Set lockout duration.
`void`	`setLockoutDurationLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Long> strategy)` Set lookup function for lockout duration.
`void`	`setLockoutKeyStrategy(com.google.common.base.Function<ProfileRequestContext,String> strategy)` Set the strategy function to compute the account lockout key.
`void`	`setMaxAttempts(int attempts)` Set the maximum failed attempts within window.
`void`	`setMaxAttemptsLookupStrategy(com.google.common.base.Function<ProfileRequestContext,Integer> strategy)` Set lookup function for maximum failed attempts within window.
`void`	`setStorageService(StorageService storage)` Set the `StorageService` back-end to use.

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId

Field Detail

log
```
@Nonnull
private org.slf4j.Logger log
```
Class logger.

storageService

@NonnullAfterInit
private StorageService storageService

Backing service.

lockoutKeyStrategy

@Nullable
private com.google.common.base.Function<ProfileRequestContext,String> lockoutKeyStrategy

Lookup function to produce account lockout keys.

maxAttemptsLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,Integer> maxAttemptsLookupStrategy

Lookup function for maximum failed attempts within window.

counterIntervalLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,Long> counterIntervalLookupStrategy

Lookup function for interval after which counter is reset.

lockoutDurationLookupStrategy

@Nonnull
private com.google.common.base.Function<ProfileRequestContext,Long> lockoutDurationLookupStrategy

Lookup function for duration of lockout.

extendLockoutDuration
```
private boolean extendLockoutDuration
```
Controls whether attempts against locked accounts extend duration.

Constructor Detail
- StorageBackedAccountLockoutManager
```
public StorageBackedAccountLockoutManager()
```
  Constructor.

Method Detail

setStorageService

public void setStorageService(@Nonnull
                     StorageService storage)

Set the StorageService back-end to use.

Parameters:: storage - the back-end to use

setLockoutKeyStrategy
```
public void setLockoutKeyStrategy(@Nonnull
                         com.google.common.base.Function<ProfileRequestContext,String> strategy)
```
Set the strategy function to compute the account lockout key.
Defaults to a concatenation of the username and client address.

Parameters:
strategy - strategy function

setMaxAttempts
```
public void setMaxAttempts(@Positive
                  int attempts)
```
Set the maximum failed attempts within window.
Defaults to 5.

Parameters:
attempts - maximum failed attempts

setMaxAttemptsLookupStrategy

public void setMaxAttemptsLookupStrategy(@Nonnull
                                com.google.common.base.Function<ProfileRequestContext,Integer> strategy)

Set lookup function for maximum failed attempts within window.

The function MUST return a positive value.

Parameters:: strategy - lookup function

setCounterInterval

@Duration
public void setCounterInterval(@Duration@Positive
                               long window)

Set interval after which counter is reset.

Defaults to 5 minutes.

Parameters:: window - counter window

setCounterIntervalLookupStrategy

public void setCounterIntervalLookupStrategy(@Nonnull
                                    com.google.common.base.Function<ProfileRequestContext,Long> strategy)

Set lookup function for interval after which counter is reset.

The function MUST return a positive value.

Parameters:: strategy - lookup function

setLockoutDuration

@Duration
public void setLockoutDuration(@Duration@Positive
                               long duration)

Set lockout duration.

Defaults to 5 minutes.

Parameters:: duration - lockout duration

setLockoutDurationLookupStrategy

public void setLockoutDurationLookupStrategy(@Nonnull
                                    com.google.common.base.Function<ProfileRequestContext,Long> strategy)

Set lookup function for lockout duration.

The function MUST return a positive value. Use a large value for permanent lockout.

Parameters:: strategy - lookup function

setExtendLockoutDuration
```
public void setExtendLockoutDuration(boolean flag)
```
Set whether to extend the lockout duration on attempts during lockout.

Parameters:
flag - flag to set

doInitialize
```
protected void doInitialize()
                     throws ComponentInitializationException
```
Overrides:

doInitialize in class AbstractIdentifiedInitializableComponent

Throws:

ComponentInitializationException

check

public boolean check(@Nonnull
            ProfileRequestContext profileRequestContext)

Specified by:: check in interface AccountLockoutManager

increment

public boolean increment(@Nonnull
                ProfileRequestContext profileRequestContext)

Specified by:: increment in interface AccountLockoutManager

clear

public boolean clear(@Nonnull
            ProfileRequestContext profileRequestContext)

Specified by:: clear in interface AccountLockoutManager

doIncrement

protected boolean doIncrement(@Nonnull
                  ProfileRequestContext profileRequestContext,
                  @Nonnull@NotEmpty
                  String key,
                  int retries)

Implement invalid login attempt counter via storage service, retrying as necessary.

Parameters:: profileRequestContext - current profile request context; key - account lockout key; retries - number of additional retries to allow
Returns:: true iff successful

Class StorageBackedAccountLockoutManager

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent